WealthSimple Phishing Email with subject Required Renewal Due to Expiration of Your W-8BEN Form

For the record, this is a Wealthsimple phishing email attempt that is recently going around, with subject Information about your online security and body "Required Renewal Due to Expiration of Your W-8BEN Form"

What to do?  Report them, goto bottom of page. 

From: Wealthsimple <account@chkkwz.com> Subject: Required Renewal Due to Expiration of Your W-8BEN Form Required Renewal Due to Expiration of Your W-8BEN Form   Dear Client, This notice is provided to inform you that the W-8BEN form currently associated with  your account has expired and is no longer valid for tax or regulatory purposes. The W-8BEN plays a critical role in certifying non-U.S. tax residency and determining appropriate withholding and reporting obligations. When tax documentation expires, it no longer satisfies compliance requirements. In the absence of a renewed W-8BEN, default tax treatment may be applied in accordance with applicable regulations. This may affect payment processing, income distributions, or other account-related activities. To ensure your account remains properly documented and compliant, a renewed W-8BEN must be submitted. The renewal process allows you to reconfirm your tax residency information and provide an updated certification reflecting your current status. Please complete the renewal through the secure portal below: Renew Certification After logging in, follow the instructions in the tax documentation section to review your information and submit a new certification. Upon approval, the renewed form will replace the expired documentation currently on file. Submitting your renewal in a timely manner helps ensure uninterrupted account processing and continued regulatory compliance. Have questions or need help? Reach out to our team. Wealthsimple 400 – 80 Spadina Avenue Toronto, ON, M5V 2J4 Instagram | Facebook | Twitter | Instagram Privacy Policy •  View in browser Replies to this email address are not monitored. Have questions? Visit our Help Centre or submit a request to our Client Support team. Managed accounts are offered by Wealthsimple Inc., a registered portfolio manager in each province and territory of Canada. © 2025 Wealthsimple Technologies Inc.

Phishing Link

1. https://bcupcehvwrzr.com/?token=xxxxx

How to tell this is a Phishing email?

1. Check email address in full, if it's not from originating company then it's phishing.
2. Hover over all links in email, if it's not from the company's website then forget it.
3. The best way is to 

How to examine Email Message Source?

Now let's look at message source

1. Outlook.com->Actions->View Message Source. 
2. Gmail.com->More (down arrow to top right)->Show original.

Check for suspicious links, anything that does not originate from source domain, like apple.com.

Report Phishing Email (not as Spam)

1. Outlook.com->Junk (at Top)->Phishing Scam
2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Windows Explorer File Search Query Builder Online

                                   

Windows Explorer File Search Query Builder

✨ Smart date range: pick "From date" → auto-fills "To date" (if empty)

📅 Date modified range (mm/dd/yyyy) ⚡ Auto-fill: From → To

From date (start)

To date (end)

✓ Enable date range filter

📅 Output format: datemodified:4/15/1990..12/1/2025 (Windows uses mm/dd/yyyy)

💾 File size range (min..max)

Minimum size

KB

Maximum size

KB

✓ Enable size range filter

Use MB (converts values to MB in output)

💾 Output examples: size:500KB..5MB or size:10MB..100MB

📄 File types (choose any combination)

📌 Multiple types: (type:=.pdf OR type:=.docx OR type:=.jpg)

📋 🔍 Optimized Explorer Query (range syntax)

🧩 Uses datemodified:start..end and size:min..max syntax — paste directly into Windows File Explorer.

⚡ Windows supports range queries with .. (two dots). Smart: pick a "From date" → auto-fills "To date" to same day (if empty).

CAA Phishing Email with subject Your Emergency Tool Is Reserved — Claim It Now

For the record, this is a CAA storage phishing email attempt that is recently going around, with subject Information about your online security and body "Your Emergency Tool Is Reserved — Claim It Now"

What to do?  Report them, goto bottom of page. 

From: CAA Members Update <news.ixu@wildrock0511.zonafrancabarranquilla.com> Subject: Your Emergency Tool Is Reserved — Claim It Now CAA Hello We appreciate your continued interest in road safety. A note regarding your road safety profile: In recognition of your commitment, we have reserved a Breaker 2‑in‑1 Emergency Tool for your account. This device cuts through jammed seatbelts and shatters tempered glass — designed for critical roadside moments. Confirm your details below — availability is limited to registered members. Confirm My Tool Sincerely, Your CAA Team Vehicle Safety Device

Phishing Link

1. http://xn--xxx-xxxx.hdslholdings.com/xxxx

How to tell this is a Phishing email?

1. Check email address in full, if it's not from originating company then it's phishing.
2. Hover over all links in email, if it's not from the company's website then forget it.
3. The best way is to 

How to examine Email Message Source?

Now let's look at message source

1. Outlook.com->Actions->View Message Source. 
2. Gmail.com->More (down arrow to top right)->Show original.

Check for suspicious links, anything that does not originate from source domain, like apple.com.

Report Phishing Email (not as Spam)

1. Outlook.com->Junk (at Top)->Phishing Scam
2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx